The ransomware attack happened on November 29, 2018. The clinic immediately shut down the network to stop the malware from spreading; however, that did not prevent the encryption of files stored on two servers. A ransom demand was received but the clinic did not make any payment. The clinic recovered the encrypted files successfully from backups.

The investigation of the breach revealed patient information was potentially accessed by the attackers. Patient information included in the compromised files was limited to names, Social Security numbers, and certain treatment data.

Dr. DeLuca Dr. Marciano & Associates made the following cybersecurity improvements to prevent further attacks: blocking remote network access, using technical solutions to secure against ransomware, and improving its anti-virus software.

Although no evidence was uncovered that confirmed PHI access or data theft, the clinic has sent notification letters by mail to all persons whose PHI was potentially exposed. Free credit monitoring and identity theft protection services have been offered to breach victims.

The appropriate authorities have been informed of the ransomware attack. The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal indicates 23,578 patients were impacted by the breach.

Chaplaincy Health Care discovered the phishing attack on November 20, 2018. With the help of a third-party computer forensics company, Chaplaincy Health Care established that an unauthorized individual gained access to a single email account for a period of approximately 4 hours.

The email messages in the account included patients’ names, addresses, birth dates, medical record numbers, prescription medication details, dates of service, and the final 4 digits of Social Security numbers.

All affected patients were sent breach notification letters on January 3, 2019. Chaplaincy Health Care has offered free credit monitoring and identity theft protection services to the breach victims.

Chaplaincy Health Care has provided its employees further training on email security and has implemented two-factor authentication to safeguard against unauthorized account access. The breach report sent to OCR indicates 1,086 patients were potentially affected by the breach.